Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

1. (Currently Amended) A method for determining and enforcing security 
policy in a communication session for a group of participants, the method comprising: 

providing group and local policies wherein each local policy states a set of local 
requirements for the session for a participant and the group policy represents a set of 
conditional, security-relevant requirements to support the session wherein the policies specify 
requirements:

generating a policy instance that applies to the group based on the group and 
local policies wherein the policy instance defines a configuration of security-related services 
used to implement [[the]] a session and rules used for authorization and access control of 
participants to the session;

analyzing the policy instance with respect to a set of correctness principles; 

distributing the policy instance to the participants; and 

enforcing the security policy based on the rules throughout the session.

verifying that the policy instance complies with the policies. 

2. (Currently Amended) The method as claimed in claim [[1]] 28 wherein 
the step of distributing includes the steps of authorizing a potential participant to participate 
in the session based on the rules and determining whether the potential participant has a right 
to view the security policy. 

3. (Original) The method as claimed in claim 1 wherein the step of 
analyzing verifies that the policy instance adheres to a set of principles defining legal 
construction and composition of the security policy. 

4. (Original) The method as claimed in claim 1 wherein the step of 
generating includes the step of reconciling the group and local policies to obtain the policy 
instance which is substantially compliant with each of the local policies and wherein the policy 
instance identifies relevant requirements of the session and how the relevant requirements are 
mapped into the configuration. 

5. (Canceled) 

6. (Currently Amended) The method as claimed in claim [[5]] 1 further 
comprising identifying parts of a local policy that are not compliant with the policy instance 
and determining modifications required to make the local policy compliant with the policy 
instance. 

7. (Currently Amended) The method as claimed in claim [[5]] 1 further 
comprising preventing a potential participant from participating in the session if the policy 
instance does not comply with the set of local requirements of the potential participant. 

8. (Currently Amended) The method as claimed in claim [[1]] 25 wherein 
the step of enforcing includes the steps of creating and processing events. 

9. (Original) The method as claimed in claim 8 wherein the step of 
enforcing includes delivering the events to security services via a real or software-emulated 
broadcast bus. 

10. (Original) The method as claimed in claim 8 wherein the step of creating 
events includes the step of translating application requests into the events. 

11. (Original) The method as claimed in claim 8 wherein the step of 
enforcing further includes the steps of creating and processing timers and messages. 



12. (Cancelled) 

13. (Currently Amended) A system for determining and enforcing security 
policy in a communication session for a group of participants based on group and local policies 
wherein each local policy states a set of local requirements for the session for a participant and 
the group policy represents a set of conditional, security-relevant requirements to support the 
session the group and local policies specify requirements that apply to the group, the system 
comprising: 

means for generating a policy instance based on the group and local policies 
wherein the policy instance defines a configuration of security-related services used to 
implement the session and rules used for authorization and access control of participants to the 
session; 

means for analyzing the policy instance with respect to a set of correctness 
principles; 

means for distributing the policy instance to the participants; and 

means for enforcing the security policy based on the rules throughout the 
session. 

means for verifying that the policy instance complies with the policies. 

14. (Original) The system as claimed in claim 13 wherein the means for 
distributing includes means for authorizing a potential participant to participate in the session 
based on the rules and determining whether the potential participant has a right to view the 
security policy. 

15. (Original) The system as claimed in claim 13 wherein the means for 
analyzing verifies that the policy instance adheres to a set of principles defining legal 
construction and composition of the security policy. 

16. (Original) The system as claimed in claim 13 wherein the means for 
generating includes means for reconciling the group and local policies to obtain the policy 
instance which is substantially compliant with each of the local policies and wherein the policy 
instance identifies relevant requirements of the session and how the relevant requirements are 
mapped into the configuration. 

17. (Canceled) 

18. (Currently Amended) The system as claimed in claim [[17]] 13 further 
comprising means for identifying parts of a local policy that are not compliant with the policy 
instance and determining modifications required to make the local policy compliant with the 
policy instance. 

19. (Currently Amended) The system as claimed in claim [[17]] 13 further 
comprising means for preventing a potential participant from participating in the session if the 
policy instance does not comply with the set of local requirements of the potential participant. 

20. (Currently Amended) The system as claimed in claim [[13]] 29 wherein 
the means for enforcing includes means for creating and processing events. 

21. (Original) The system as claimed in claim 20 wherein the means for 
enforcing includes a real or software-emulated broadcast bus to deliver the events to security 
services. 

22. (Original) The system as claimed in claim 20 wherein the means for 
creating events includes means for translating application requests into the events. 

23. (Original) The system as claimed in claim 20 wherein the means for 
enforcing further includes means for creating and processing timers and messages. 



24. (Cancelled). 

25. (New) The method as claimed in claim 28 further comprising enforcing 
the security policy based on the rules throughout the session. 

26. (New) The method as claimed in claim 1 wherein the requirements 
include an access control requirement that gives an action, a condition on the action in which 
the control requirement applies, and determines whether the action should be permitted. 

27. (New) The method as claimed in claim 1 wherein the requirements 
include a provisioning requirement that provides a condition in which the provisioning 
requirement applies and an acceptable configuration alternative under the condition. 

28. (New) The method as claimed in claim 1 wherein the policy instance 
further defines rules used for authorization and access control of participants to the session. 

29. (New) The system as claimed in claim 13 further comprising means for 
enforcing the security policy based on the rules throughout the session. 

30. (New) The system as claimed in claim 13 wherein the requirements 
include an access control requirement that gives an action, a condition on the action in which 
the control requirement applies, and determines whether the action should be permitted. 

31. (New) The system as claimed in claim 13 wherein the requirements 
include a provisioning requirement that provides a condition in which the provisioning 
requirement applies and an acceptable configuration alternative under the condition. 



